CVE-2025-30941
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-30941 is a Cross Site Scripting (XSS) vulnerability in the WordPress Pinterest Verify Meta Tag plugin versions up to 1.3. It allows an attacker with administrator privileges to inject malicious scripts, such as redirects or advertisements, into a website. These scripts execute when visitors access the site. The vulnerability is due to improper neutralization of input during web page generation, making it a stored XSS issue. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers with admin access to inject malicious scripts into your website. These scripts can perform unwanted actions like redirecting visitors, displaying unauthorized advertisements, or executing other harmful HTML payloads. This can lead to compromised user experience, potential data theft, or damage to your website's reputation. Since the plugin is abandoned and unpatched, the risk remains unless you replace the plugin or apply virtual patching. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the Pinterest Verify Meta Tag WordPress plugin version 1.3 or earlier is installed and active. Since the vulnerability allows an attacker with administrator privileges to inject malicious scripts, monitoring for unusual script injections or unexpected HTML payloads in the website content may help. However, no specific detection commands or tools are provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the vulnerable Pinterest Verify Meta Tag plugin with an alternative solution, as no official patch or fix is available and the plugin is abandoned. Simply deactivating the plugin is insufficient unless a virtual patch (vPatch) is applied. Applying virtual patching is recommended to auto-mitigate the vulnerability in the absence of official fixes. [1]